Description
Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages.
Remediation
References
Related Vulnerabilities
WordPress Plugin TwitterCart Security Bypass (2.0)
PHP Out-of-bounds Read Vulnerability (CVE-2019-11047)
Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-35525)
WordPress Plugin Secure Copy Content Protection and Content Locking SQL Injection (2.6.6)
MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2006-3469)